Skip to content

Health Insurance Portability & Accountability Act (HIPAA)

Protect Medical Records in the US

• Assessment Report

• Policies & Procedures

• Remediation Tracking

• Action Plan Reminders

• Form Templates

• Vulnerability Scan​

• Pen Testing

Demonstrate your Compliance with HIPAA

Health Insurance Portability and Accountability Act (HIPAA) is a U.S. federal law enacted in 1996. Its fundamental purpose is to protect the privacy and security of individually identifiable health information. HIPAA sets national standards for the handling and safeguarding Protected Health Information (PHI), which includes any health-related data that can be linked to an individual. 

The main rules of HIPAA are:

  • The Privacy Rule: This rule establishes standards for protecting personal health information and an individual’s medical records. It gives patients the right to access their health information and limits the disclosure of PHI without the patient’s authorization.
  • The Security Rule: The HIPAA Security Rule lays out requirements for securing electronic PHI (ePHI). It outlines administrative, technical, and physical safeguards that covered entities must implement to protect ePHI from unauthorized access, use, and disclosure.
  • The Breach Notification Rule: This rule mandates covered entities and their business associates to notify the Department of Health and Human Services (HHS) and affected individuals in the event of a breach of unsecured PHI.
  • The Enforcement Rule: The Enforcement Rule outlines the procedures for investigations and penalties related to HIPAA violations.

HIPAA applies to covered entities and their business associates. Covered entities are organizations that must comply with the HIPAA regulations and include:

  • Healthcare Providers: Hospitals, clinics, doctors, dentists, psychologists, and other healthcare practitioners.
  • Health Plans: Health Maintenance Organizations (HMOs), Health Insurance Companies, and government programs like Medicaid and Medicare.
  • Healthcare Clearinghouses: These include organizations that process non-standard health information into a standard format (e.g., converting paper claims to electronic).
  • Business Associates: Business Associates are individuals or organizations that perform certain functions or activities on behalf of covered entities. They are included under HIPAA since their work involves the use or disclosure of PHI. Examples of business associates include IT support services, billing companies, and third-party administrators.

The Office for Civil Rights (OCR), which operates under the U.S. Department of Health and Human Services (HHS), is responsible for monitoring and enforcing compliance with HIPAA. OCR investigates complaints of HIPAA violations and can impose civil and criminal penalties for non-compliance.

While HIPAA covers a wide variety of security practices, healthcare providers and business associates need to be cognizant of the threat of cyber attacks and ransomware even if they are HIPAA-compliant. Connect with our HIPAA Experts to assess your controls and prove your compliance with HIPAA by sharing your assessment profile. Our engagement options are ideal for organizations of all sizes with and without an experienced in-house IT team. Connect with an expert or schedule a consultation to explore the option that is best for your organization. 

Engagement Options

Choose a plan that fits your need

Explore Blogs, Webinars and other Resources

Trusted by Reputed Companies

pVerify, Inc.
Electronic Data Solutions
Bernard Robinson & Company
Avance Care
iCliniq
Botsplash
Logically
Mr.Internet Systems
Vision Radiology
Tangible Solutions
Tangible Solutions
WorkSmart
Triyam
Med First Primary and Urgent Care
Arizona State Radiology
DataCaliper
Dose Spot Company Logo
DoseSpot
Forsyte I.T. Solutions
Tego Data

Accreditations and Associations

* Disclaimer: This list of accreditations is held by our team of employees and consultants.

What Our Clients Say

We used databrackets (formerly EHR 2.0) in our small medical practice for our risk analysis assessment to be in compliance with meaningful use. Their response was fast, the final report is detailed but simple and easy to follow. They were always available to answer our questions.
E. Compres
Pulmonary and Sleep Center of the Valley
I never miss the opportunity to learn something new …that’s why I am always registering to all free seminars offered on the web. databrackets (formerly EHR 2.0) happened to be the friendliest, comprehensive and up-to- date source of HIPAA Privacy and Security updates.
Alexandra V.
Community Healthcare Network
Today’s presentation was great! Thank you for sending the slides. My only feedback is that it would be fabulous to have the slides ahead of time so I could print them and take notes on the slides.Thanks for your time and knowledge today!
T.B., PM
Community Health Network
Particularly interesting was the flow chart on Administrative Simplification. I utilize all of the Security subcategories you list under the Security tile and appreciate knowing that I am hitting all of the relevant topics during my employee training.
Jessica B.
JD, CHC
I have re-worked our original risk assessment….We are using databrackets' (formerly EHR 2.0) Meaningful Use Security Risk Analysis Toolkit and it meets our needs. It was easy to use and I believe that it very beneficial to our meeting meaningful use.
Bill Curtis
Neurosurgical Associates Of Texarkana, TX
Information (webinars) presented by databrackets (formerly EHR 2.0) highlights some of today’s most demanding healthcare topics. The webinars help to direct those operating in today’s rapidly changing environment in the right direction.
Candace M.
Privacy and Security Officer, Springhill Medical Center

Our Growing List of Credentials

0 +
Assessments
0 +
Clients
0 +
Assessment Libraries
0 +
Years of Experience
0 +
External audits handled